package com.t2t.top.ldap;

import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import java.util.Hashtable;

public class LdapUtil {

    /**
     * 相关问题：
     * 1.权限的控制，
     * 2.匿名登录的验证
     * 3.登录的方式：匿名，用户名密码验证
     */
    private String url;
    private String basedn;
    private String domain;
    private Hashtable<String, String> env = new Hashtable<String, String>();

    public LdapUtil() {
        url = "ldap://127.0.0.1:389/";
        basedn = "dc=micmiu,dc=com";
        domain = "ou=feitian";
    }

    public boolean connect(String userName, String passwd) {
        boolean result = false;
        LdapContext ldapContext = null;
        //用户名称，cn,ou,dc 分别：用户，组，域
        env.put(Context.SECURITY_PRINCIPAL, userName);
        //用户密码 cn 的密码
        env.put(Context.SECURITY_CREDENTIALS, passwd);
        //url 格式：协议://ip:端口/组,域   ,直接连接到域或者组上面
        env.put(Context.PROVIDER_URL, url + basedn);
        //LDAP 工厂
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        //验证的类型     "none", "simple", "strong"
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        System.out.println(env);
        try {
            ldapContext = new InitialLdapContext(env, null);
            result = true;
            System.out.println("---connection is ready----");
        } catch (NamingException e) {
            e.printStackTrace();
            System.out.println("--- get connection failure ----");
        }
        return result;
    }


    public boolean validateUser(String userName, String passwd) {
        String userdn = "uid=" + userName + "," + domain;
        String dn = userdn + "," + basedn;
        System.out.println("dn=" + dn);
        return connect(dn, passwd);
    }

    public static void main(String[] args) {
        LdapUtil util = new LdapUtil();
        util.validateUser("yangpengfei", "111111");
    }

}
